1 votes

Adam Mika avatar

Comment trouver les vbscripts exécutés sur les serveurs Windows ?

Demandé el 19 de Août, 2019
Quand la question a-t-elle été
165 affichage
Nombre de visites la question a
2 Réponses
Nombre de réponses aux questions
Résolu
Situation réelle de la question

Cette question s'adresse à un fournisseur de services gérés qui gère des milliers de serveurs Windows 2012-2016. Le patch Microsoft d'août 2019 prétend casser de nombreux (tous ?) scripts VB.

J'ai la possibilité d'exécuter des commandes wmi et/ou ansible sur ces machines ou d'envoyer les employés de nuit du NOC sur ces machines avec un bureau à distance.

Existe-t-il un moyen de savoir si des scripts VB sont exécutés sur une machine donnée (dans le cadre de services provenant d'applications disparates). Il a été suggéré de rechercher simplement *.vba sur le système de fichiers, mais je pense que cela pourrait entraîner quelques faux positifs et faux négatifs.

Demandé el 19 de Août, 2019 par Adam Mika

Réponses

Trop de publicités?

1voto

Chris avatar
Chris Points 945

Je rechercherais des tâches planifiées qui exécutent des scripts, et si vous avez AV ou FSRM sur les serveurs, je le configurerais pour qu'il enregistre lorsque l'hôte de script s'exécute, ou qu'un fichier vbs/wsf est ouvert.

Répondu el 20 de Août, 2019 par Chris (945 Points )

1voto

Hackoo avatar
Hackoo Points 115

Je ne sais pas si mon ancien vbscript peut vous aider dans votre cas ou non :

Ce vbscript va donc générer un fichier Excel comme rapport où vous trouverez de nombreuses informations utiles comme : Toutes les tâches , Pas de tâches Microsoft , services et les éléments de démarrage.

Option Explicit
Const xlCenter = -4108
Dim objExcel,objWorkbook,objWorksheet,x,objFSO,objCSVFile,arrStr,i
Dim TaskName,CommandLine,Next_Execution,objRange,Date_Debut,Date_Heure
Dim WS,Command_Query_No_Microsoft_Tasks,Log_CSV_Tasks,Task_Status
Dim Last_Date,Log_CSV_ALL_Tasks,Command_Query_ALL_Tasks,strExcelPath

Set WS = CreateObject("Wscript.Shell")
strExcelPath = WS.RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\excel.exe\")
If strExcelPath = "" Then
    MsgBox "Unable to export. Excel does not appear to be installed.", vbExclamation, "PC Infos"
End If

Log_CSV_ALL_Tasks = WS.ExpandEnvironmentStrings("%Temp%\Log_CSV_ALL_Tasks.txt")
Log_CSV_Tasks = WS.ExpandEnvironmentStrings("%Temp%\Log_CSV_Tasks.txt")

Command_Query_ALL_Tasks = "CMD /C Schtasks /Query /NH /FO CSV /V>"& Log_CSV_ALL_Tasks &""
WS.Run Command_Query_ALL_Tasks,0,True

Command_Query_No_Microsoft_Tasks = "CMD /C Type "& Log_CSV_ALL_Tasks &" | FindStr /I /V "&_
DblQuote("MICRO")&">"& Log_CSV_Tasks &""
WS.Run Command_Query_No_Microsoft_Tasks,0,True

Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True
'To Open Excel in Full Screen
objExcel.DisplayFullScreen = True
objExcel.ScreenUpdating = False
objExcel.Workbooks.Add

Call Add_Sheet(1,7,"ALL_Tasks",Log_CSV_ALL_Tasks)
Call Add_Sheet(2,6,"No_Microsoft_Tasks",Log_CSV_Tasks)

Call Startup()
Call No_Microsoft_Services()

Call SaveWorkBook("PC_Infos")
objExcel.ScreenUpdating = True
'Scheduled_Tasks
'--------------------------------------------------
Sub Add_Sheet(Sheet_Index, TabColorIndex, Sheet_Name, CSV_To_Parse)

Set objWorksheet = objExcel.Worksheets(Sheet_Index)
objWorksheet.Tab.ColorIndex = TabColorIndex

With objExcel
    .WorkSheets(Sheet_Index).Name = Sheet_Name
    .WorkSheets(Sheet_Name).Select'
    .Cells(1, 1).Value = "Nom de la tâche"
    .Cells(1, 1).Font.Bold = TRUE
    .Cells(1, 1).Interior.ColorIndex = 43
    .Cells(1, 1).Font.ColorIndex = 2
    .Cells(1, 1).HorizontalAlignment = xlCenter
'--------------------------------------------------
    .Cells(1, 2).Value = "Ligne de Commande"
    .Cells(1, 2).Font.Bold = TRUE
    .Cells(1, 2).Interior.ColorIndex = 43
    .Cells(1, 2).Font.ColorIndex = 2
    .Cells(1, 2).HorizontalAlignment = xlCenter
'--------------------------------------------------
    .Cells(1, 3).Value = "Prochaine exécution"
    .Cells(1, 3).Font.Bold = TRUE
    .Cells(1, 3).Interior.ColorIndex = 43
    .Cells(1, 3).Font.ColorIndex = 2
    .Cells(1, 3).HorizontalAlignment = xlCenter
'--------------------------------------------------
    .Cells(1, 4).Value = "Statut de la tâche planifiée"
    .Cells(1, 4).Font.Bold = TRUE
    .Cells(1, 4).Interior.ColorIndex = 43
    .Cells(1, 4).Font.ColorIndex = 2
    .Cells(1, 4).HorizontalAlignment = xlCenter
'--------------------------------------------------
    .Cells(1, 5).Value = "Date de début"
    .Cells(1, 5).Font.Bold = TRUE
    .Cells(1, 5).Interior.ColorIndex = 43
    .Cells(1, 5).Font.ColorIndex = 2
    .Cells(1, 5).HorizontalAlignment = xlCenter
'--------------------------------------------------
    .Cells(1, 6).Value = "Heure de début"
    .Cells(1, 6).Font.Bold = TRUE
    .Cells(1, 6).Interior.ColorIndex = 43
    .Cells(1, 6).Font.ColorIndex = 2
    .Cells(1, 6).HorizontalAlignment = xlCenter
'--------------------------------------------------
    .Cells(1, 7).Value = "Heure de la dernière exécution"
    .Cells(1, 7).Font.Bold = TRUE
    .Cells(1, 7).Interior.ColorIndex = 43
    .Cells(1, 7).Font.ColorIndex = 2
    .Cells(1, 7).HorizontalAlignment = xlCenter
'--------------------------------------------------
End With

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCSVFile = objFSO.OpenTextFile(CSV_To_Parse,1)
x = 1
Do while NOT objCSVFile.AtEndOfStream
    arrStr = split(objCSVFile.ReadLine,",")
    TaskName = DeQuote(Replace(arrStr(1),"\",""))
    CommandLine = DeQuote(DeQuote(arrStr(8)))
    Next_Execution = DeQuote(DeQuote(arrStr(2)))
    Task_Status = Replace(DeQuote(DeQuote(arrStr(11))),"‚","é")
    Task_Status = Replace(Task_Status,""," ")
    Task_Status = Replace(Task_Status,""""," ")
    Date_Debut = DeQuote(DeQuote(arrStr(20)))
    Date_Heure = DeQuote(DeQuote(arrStr(19)))
    Date_Heure = Replace(Date_Heure,"?","'")
    Last_Date = DeQuote(DeQuote(arrStr(5)))
    x = x + 1
    With objExcel
        .Cells(x,1) = TaskName
        .Cells(x,2) = CommandLine
        .Cells(x,3) = Next_Execution
        .Cells(x,4) = Task_Status
        .Cells(x,5) = Date_Debut
        .Cells(x,6) = Date_Heure
        .Cells(x,7) = Last_Date
        If Ucase(Next_Execution) = "N/A" Then
            .Cells(x, 1).Font.ColorIndex = 3
            .Cells(x, 2).Font.ColorIndex = 3
            .Cells(x, 3).Font.ColorIndex = 3
            .Cells(x, 4).Font.ColorIndex = 3
            .Cells(x, 5).Font.ColorIndex = 3
            .Cells(x, 6).Font.ColorIndex = 3
            .Cells(x, 7).Font.ColorIndex = 3
        Else
            .Cells(x, 1).Font.ColorIndex = 10
            .Cells(x, 2).Font.ColorIndex = 10
            .Cells(x, 3).Font.ColorIndex = 10
            .Cells(x, 4).Font.ColorIndex = 10
            .Cells(x, 5).Font.ColorIndex = 10
            .Cells(x, 6).Font.ColorIndex = 10
            .Cells(x, 7).Font.ColorIndex = 10
        End If
    End With
Loop
objCSVFile.Close

Set objRange = objWorksheet.UsedRange
objRange.EntireColumn.Autofit()
End Sub
'-------------------------------------------------
Function DeQuote(S)
    If Left(S,1) = """" And Right(S, 1) = """" Then 
        DeQuote = Trim(Mid(S, 2, Len(S) - 2))
    Else 
        DeQuote = Trim(S)
    End If
End Function
'-------------------------------------------------
Function DblQuote(Str)
    DblQuote = Chr(34) & Str & Chr(34)
End Function
'-------------------------------------------------
Sub SaveWorkBook(FileName)
Dim FSO : Set FSO = CreateObject("Scripting.FileSystemObject")
Dim Network : Set Network = CreateObject("WScript.Network")
Dim Computer : Computer = Network.ComputerName
Dim xlVer,Suffix,Ws
Set Ws = CreateObject("WScript.Shell")
Suffix = computer & "_" & Date & "_" & Time
Suffix = Replace(Suffix,"/","_")
Suffix = Replace(Suffix,":","-")
' Check Excel Version (12.0 = 2007)
xlVer = Split(objExcel.Version,".")(0) 
If xlVer >= "12" Then
    objExcel.ActiveWorkbook.SaveAs fso.GetAbsolutePathName(".") & "\" & FileName & "_" & Suffix & ".xlsx"
    objExcel.DisplayAlerts = True
    Ws.Run DblQuote(fso.GetAbsolutePathName(".") & "\" & FileName & "_" & Suffix & ".xlsx")
' 56 = Excel 97-2003
' Voir la page http://msdn.microsoft.com/en-us/library/microsoft.office.interop.excel.xlfileformat.aspx
Else
    objExcel.ActiveWorkbook.SaveAs fso.GetAbsolutePathName(".") & "\" & FileName & "_" & Suffix & ".xls",56
    objExcel.DisplayAlerts = True
    Ws.Run DblQuote(fso.GetAbsolutePathName(".") & "\" & FileName & "_" & Suffix & ".xls")
End If
End Sub
'----------------------------------------------------------------------------------
Sub Startup()
    Dim strComputer,objMIService,colStartupCommands,objWorkSheet,objStartupCommand
    Dim strStartupName,strStartupUser,strStartupLocation,strStartupCommand,intStartRow
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colStartupCommands = objWMIService.ExecQuery ("Select * from Win32_StartupCommand")
    'objExcel.ActiveWorkbook.Sheets.Add
    Set objWorksheet = objExcel.Worksheets(3)
    objWorkSheet.Name = "Startup Details"
    objWorksheet.Tab.ColorIndex = 3
    intStartRow = 2
    objWorkSheet.Cells(1, 1).Interior.ColorIndex = 43
    objWorkSheet.Cells(1, 1).Font.ColorIndex = 2
    objWorkSheet.Cells(1, 2).Interior.ColorIndex = 43
    objWorkSheet.Cells(1, 2).Font.ColorIndex = 2
    objWorkSheet.Cells(1, 3).Interior.ColorIndex = 43
    objWorkSheet.Cells(1, 3).Font.ColorIndex = 2
    objWorkSheet.Cells(1, 4).Interior.ColorIndex = 43
    objWorkSheet.Cells(1, 4).Font.ColorIndex = 2
    objWorkSheet.Cells(1, 1) = "Startup Item"
    objWorkSheet.Cells(1, 2) = "User"
    objWorkSheet.Cells(1, 3) = "Command Line"
    objWorkSheet.Cells(1, 4) = "Startup Location"

    For Each objStartupCommand in colStartupCommands
        strStartupName = Trim(objStartupCommand.Name)
        strStartupUser = objStartupCommand.User
        strStartupLocation = objStartupCommand.Location
        strStartupCommand = objStartupCommand.Command
        objWorkSheet.Cells(intStartRow, 1) = strStartupName
        objWorkSheet.Cells(intStartRow, 2) = strStartupUser
        objWorkSheet.Cells(intStartRow, 3) = strStartupLocation
        objWorkSheet.Cells(intStartRow, 4) = strStartupCommand
        intStartRow = intStartRow + 1
    Next
    objWorkSheet.Columns("A:A").EntireColumn.AutoFit
    objWorkSheet.Columns("B:B").EntireColumn.AutoFit
    objWorkSheet.Columns("C:C").EntireColumn.AutoFit
    objWorkSheet.Columns("D:D").EntireColumn.AutoFit
End Sub
'----------------------------------------------------------------------------------
Sub No_Microsoft_Services()
Dim strComputer,objWMIService
Dim State,colServices,x,objService,objWorksheet,objWorkbook
Set objWorksheet = objExcel.ActiveWorkbook.Sheets.Add
objWorksheet.Name = "No-Microsoft_Services"
objExcel.WorkSheets("No-Microsoft_Services").select
objWorksheet.Tab.ColorIndex = 8

' Format the cell A1 and add the text: Service Name
objWorkSheet.Cells(1, 1).Value = "Service Name"
objWorkSheet.Cells(1, 1).Font.Bold = TRUE
objWorkSheet.Cells(1, 1).Interior.ColorIndex = 43
objWorkSheet.Cells(1, 1).Font.ColorIndex = 2
' Format the cell A2 and add the text: Display Name
objWorkSheet.Cells(1, 2).Value = "Display Name"
objWorkSheet.Cells(1, 2).Font.Bold = TRUE
objWorkSheet.Cells(1, 2).Interior.ColorIndex = 43
objWorkSheet.Cells(1, 2).Font.ColorIndex = 2
'*************************************************
' Format the cell A3 and add the text: State
objWorkSheet.Cells(1, 3).Value = "State"
objWorkSheet.Cells(1, 3).Font.Bold = TRUE
objWorkSheet.Cells(1, 3).Interior.ColorIndex = 43
objWorkSheet.Cells(1, 3).Font.ColorIndex = 2
'*************************************************
' Format the cell A4 and add the text: Executable Path
objWorkSheet.Cells(1, 4).Value = "Executable Path"
objWorkSheet.Cells(1, 4).Font.Bold = TRUE
objWorkSheet.Cells(1, 4).Interior.ColorIndex = 43
objWorkSheet.Cells(1, 4).Font.ColorIndex = 2
'*************************************************
' Format the cell A5 and add the text: Description
objWorkSheet.Cells(1, 5).Value = "Description"
objWorkSheet.Cells(1, 5).Font.Bold = TRUE
objWorkSheet.Cells(1, 5).Interior.ColorIndex = 43
objWorkSheet.Cells(1, 5).Font.ColorIndex = 2

' Find the Non-Microsoft Windows services on this computer
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colServices = objWMIService.ExecQuery("Select * From Win32_Service where Not PathName like '%Micro%' AND Not PathName like '%Windows%'")
' Write each service to Excel, starting in A2
x = 1
For Each objService in colServices
    x = x + 1
    objWorkSheet.Cells(x, 1) = objService.Name
    objWorkSheet.Cells(x, 2) = objService.DisplayName
    objWorkSheet.Cells(x, 3) = objService.State
    objWorkSheet.Cells(x, 4) = objService.PathName
    objWorkSheet.Cells(x, 5) = objService.Description
    State = objService.Started
    If State Then 
        objWorkSheet.Cells(x, 1).Font.ColorIndex = 10
        objWorkSheet.Cells(x, 2).Font.ColorIndex = 10
        objWorkSheet.Cells(x, 3).Font.ColorIndex = 10
        objWorkSheet.Cells(x, 4).Font.ColorIndex = 10
        objWorkSheet.Cells(x, 5).Font.ColorIndex = 10
    ELSE
        objWorkSheet.Cells(x, 1).Font.ColorIndex = 3
        objWorkSheet.Cells(x, 2).Font.ColorIndex = 3
        objWorkSheet.Cells(x, 3).Font.ColorIndex = 3
        objWorkSheet.Cells(x, 4).Font.ColorIndex = 3
        objWorkSheet.Cells(x, 5).Font.ColorIndex = 3
    end if
Next

objWorkSheet.Columns("A:A").EntireColumn.AutoFit
objWorkSheet.Columns("B:B").EntireColumn.AutoFit
objWorkSheet.Columns("C:C").EntireColumn.AutoFit
objWorkSheet.Columns("D:D").EntireColumn.AutoFit
objWorkSheet.Columns("E:E").EntireColumn.AutoFit
End Sub
'----------------------------------------------------------------------------------
Répondu el 18 de Août, 2020 par Hackoo (115 Points )

Questions en vedette

Top Tags

Dans notre réseau

SistemesEz.com

SystemesEZ est une communauté de sysadmins où vous pouvez résoudre vos problèmes et vos doutes. Vous pouvez consulter les questions des autres sysadmins, poser vos propres questions ou résoudre celles des autres.

Powered by:

Yandex
X